Thanks for the post.
I believe this _could_ in principal affect deployed services that have enabled
"Great Black Swamp" / GBS, which allows clients to use (some) functionality
without the Foolscap protocol (i.e. only HTTPS). The other use of Twisted Web
is for the localhost API.
That said, I'm not even 100% sure we have pipelining enabled in either case,
nor whether an attacker could actually leverage this some way. If anyone has
ideas, please share :)
As to "plain" async I guess you mean "will Tahoe-LAFS transition to using the
asyncio libraries instead of Twisted libraries" and the answer there is, "no".
At least, there are no current plans to do that. Newer code can use "async def"
and "await" though, and there _should_ be a better plan to transition towards
this newer style of syntax (instead of Deferred.addCallbacks() etc style).
Note that you can use Twisted and asyncio together if you use the correct
reactor -- but Tahoe-LAFS does not advertise nor support any sort of Python API
currently. That means most client use should treat Tahoe-LAFS as a "black box"
and it shouldn't matter what it's implemented in (e.g. not even Python).
--
meejah
_______________________________________________
tahoe-dev mailing list
tahoe-dev@lists.tahoe-lafs.org
https://lists.tahoe-lafs.org/mailman/listinfo/tahoe-dev
